Improperly implemented security check for standard in Juniper Junos OS - CVE-2023-44181

 


Published: October 18, 2023


Vulnerability identifier: #VU82231
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-44181
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an improperly implemented security check for standard (CWE-358), an error in storm control that occurs when storm control is enabled and ICMPv6 (Internet Control Message Protocol version 6) packets are present on the device. A remote non-authenticated attacker can perform a denial of service (DoS) attack.


How to mitigate CVE-2023-44181

Install updates from the vendor's website.
